Hello everybody, I'm new in this forum. I don't know where to place this thread, because it's about VB6 and C, but I think the problem is in the C code so here I am. I'm working with C with no special focus, so the solution can be in C++ too :)

Well, this is the problem. I have a VB6 program that simply calls a function when the Command1 is pressed. This one:

Public Function SampleSub(ByVal x As Integer, ByVal y As Integer) As Boolean
    MsgBox "Hello world!"
    SampleSub = True
End Function

I'm trying to call it from C like this:

#include "main.h"

typedef BOOL (__stdcall *SampleSubPtr)(WORD, WORD);
static SampleSubPtr SampleSub;

    BOOL ret;

    if (fdwReason == DLL_PROCESS_ATTACH)
            SampleSub = (SampleSubPtr)(0x00401B90);
            if (SampleSub == NULL)
                MessageBox(0, "SampleSub is NULL.", "M", 0);
            ret = SampleSub(5, 5);

    return TRUE;

0x00401B90 is the pointer to the VB6 function. Then I place this DLL into the VB6 program memory space and the function is called. But it simply doesn't work. Debugging this with OllyDbg gives me this error when calling the function:

Access violation when reading [00000076]

I'm 100% sure that the function is at the address 0x00401B90. VB6 uses __stdcall and I use __stdcall from C. VB6 uses 16-bit integers and I use 16-bit integers (WORD) from C.

I can't solve this. Any ideas?

Thanks in advance! :)

3 Years
Discussion Span
Last Post by Arm55

What makes you think the function is loaded at 0x00401B90 ??? Under MS-Windows you never know where a dll or program is loaded and any attempt to guess will most likely be wrong. Your c or c++ program needs to call GetProcAddress() after calling LoadLibrary() in order to get the address.


Hello, thanks for your answer. The function which I want to call belongs to a VB6 executable, and it doesn't export any function, is GetProcAddress() still useful? Also, using AddressOf SampleSub in the VB6 executable always returns the same address, that's why I know that every time I execute it the function is at 0x00401B90.

Thanks again.


I think addressof returns the offset of the function from the beginning of the executable, not the absolute address in memory. Here are some invalid uses of the AddressOf operator.

The function which I want to call belongs to a VB6 executable,

I thought you were talking about a DLL written in VB. LoadLibrary() can't be used to load a *.exe file into the address space of the calling process.

Here are three ways to inject your code into another process.


Thanks for your answer again. I think that what you say is very reasonable, I'll check out that. Currently I'm putting my C code into a DLL and injecting it into the VB6 process. But I was thinking... If my DLL is loaded into the VB6 process memory, won't the system automatically do vbExeAddress + 0x00401B9 when trying to access to 0x00401B9? Or I'll have to manually add the process address to the SampleSub() address to get the real function address?


I tried but it fails too, because the process is loaded at 0x00400000, so if I do 0x00400000 + 0x00401B90 the resulting address is 0x00801B90. Now I'm getting an access violation when executing 0x00801B90. But I think that the problem is there, some offset, pointers and memory addresses stuff.

Any other ideas?

This article has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.